Description
Describe the bug
When installing the collection on a fresh server I receive this error:
The specified fingerprint, '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62', does not match the key fingerprint '8540A6F18833A80E9C1653A42FD21310B49F6B46
When looking at the gpg key on an ubuntu wsl I can see there was a new key created on 29/5 - It appears that the install is defaulting to this key:
`[REDACTED ] $ gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
pub rsa4096 2024-05-29 [SC]
8540A6F18833A80E9C1653A42FD21310B49F6B46
uid nginx signing key signing-key-2@nginx.com
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key signing-key@nginx.com
pub rsa4096 2024-05-29 [SC]
9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3
uid nginx signing key signing-key-3@nginx.com`
In the code under tasks/keys/setup-keys.yml
I can see the rsa2048 key specified:
- name: (Red Hat/SLES OSs) Add NGINX signing key ansible.builtin.rpm_key: fingerprint: 8540A6F18833A80E9C1653A42FD21310B49F6B46 key: "{{ keysite }}" when: ansible_facts['os_family'] in ['RedHat', 'Suse']
To reproduce
Packer shell provisioner installs the collections:
"ansible-galaxy collection install community.general && sleep 10",
"ansible-galaxy collection install ansible.posix && sleep 10",
"ansible-galaxy collection install nginxinc.nginx_core && sleep 10",
"ansible-galaxy collection install community.crypto && sleep 10",
Playbook:
`---
- hosts: all
become: true
collections:- nginxinc.nginx_core
roles: - nginx`
- nginxinc.nginx_core
Expected behavior
Install nginx
Your environment
-nginxinc.nginx_core:0.8.0
- community.general:9.0.1
- ansible.posix:1.5.4
- community.crypto:2.20.0
Additional context
This was working before the 29th.
Is there a way to specify the rsa2048key as a var, or does the code need updating with a PR?
Thanks